Index
A
- alternative SSL configurations / Alternative SSL configurations
- AppArmor
- URL / The SELinux framework
- arildjensen/cis module
- about / The arildjensen/cis module
- attributes, audit
- reference link / Available attributes
- content / Available attributes
- ctime / Available attributes
- ensure / Available attributes
- group / Available attributes
- mode / Available attributes
- mtime / Available attributes
- owner / Available attributes
- selrange / Available attributes
- selrole / Available attributes
- seltype / Available attributes
- seluser / Available attributes
- type / Available attributes
- audit
- use cases / What can be audited
- using, on files / Using audit on files
- attributes / Available attributes
- about / Things to know about audit
- auditd
- about / Introducing SELinux and auditd
- references / The auditd framework for audit logging
- configuring, with community modules / Configuring auditd with community modules
- auditd class, parameters
- logagent / Configuring auditd with community modules
- rules / Configuring auditd with community modules
- config_override / Configuring auditd with community modules
- package_name / Configuring auditd with community modules
- auditd framework
- for audit logging / The auditd framework for audit logging
- auditing
- alternatives / Alternatives to auditing
- audit meta-parameter
- about / The audit meta-parameter
- audit system
- working / How it works
- augeas / The herculesteam/augeasproviders series of modules
- augeasproviders
- SSH, managing with / Managing SSH with augeasproviders
- augeasproviders modules
- auth.conf file
- about / The auth.conf file
- reference link / The auth.conf file
- autosigning certificates
- about / Autosigning certificates
- naïve autosign / Naïve autosign
- basic autosign / Basic autosign
- policy-based autosign / Policy-based autosign
B
- bash scripting / PuppetDB and reporting
- basic autosign / Basic autosign
- Bcfg2
- about / What is Puppet?
- Beaker
- reference link / Adding our second Vagrant host
- best practice, for writing Puppet code
- reference link / Creating the manifest
- built-in processors
- reference link / Basic Puppet reporting
C
- CentOS advisory
- reference link / Example – finding heartbleed-vulnerable systems
- Certificate Authority (CA)
- about / SSL and Puppet
- Certificate Revocation List (CRL) / Revoking certificates
- certificates
- signing / Signing certificates
- revoking / Revoking certificates
- Certificate Signing Request (CSR)
- about / Signing certificates
- CFEngine
- about / What is Puppet?
- URL / What is Puppet?
- Chef
- about / What is Puppet?
- URL, for obtaining / What is Puppet?
- CIS benchmark
- Cisco method, on-device management
- reference link / Puppet device management
- classes
- about / The Puppet client-server model
- client-server model, Puppet
- about / The Puppet client-server model
- community modules
- reference link / Vendor-supplied defaults and the PCI
- about / Vendor-supplied defaults and the PCI
- SELinux, configuring with / Configuring SELinux with community modules
- auditd, configuring with / Configuring auditd with community modules
- community processors
- reference link / Basic Puppet reporting
- compliance, Puppet / Puppet for security and compliance
- Compliance dashboard
- reference link / Things to know about audit
- components, Puppet
- about / Other Puppet components
- PuppetDB / PuppetDB
- Hiera / Hiera
- configuration management tool / What is Puppet?
- configuration options
- path / The auth.conf file
- environment / The auth.conf file
- method / The auth.conf file
- auth / The auth.conf file
- allow / The auth.conf file
- allow_ip / The auth.conf file
- contexts
- about / The SELinux framework
- cron
- about / The Puppet client-server model
- custom facts
- using / Using custom facts
D
- declarative systems
- versus imperative systems / Declarative versus imperative approaches
- properties / Declarative versus imperative approaches
- default configuration settings, Puppet
- reference link / The auth.conf file
- Domain-specific Language (DSL)
- about / What is Puppet?
E
- ebtables
- about / Introducing the firewall module
- Elasticsearch
- about / Welcome to logging happiness
- installing / Installing Elasticsearch
- ELK stack
- installing / Installing the ELK stack
- environment
- preparing, for examples / Preparing the environment for examples
F
- facts
- using, for compliance / Facts for compliance
- Puppet roles pattern / The Puppet role's pattern
- custom facts, using / Using custom facts
- files
- audits, using on / Using audit on files
- fileserver.conf file
- about / The fileserver.conf file
- restricted file mount, adding / Example – adding a restricted file mount
- file system permissions
- URL, for wiki / Installing the ELK stack
- file type parameters, SELinux
- selinux_ignore_defaults / File parameters for SELinux
- selrange / File parameters for SELinux
- selrole / File parameters for SELinux
- seltype / File parameters for SELinux
- seluser / File parameters for SELinux
- firewallchain type
- about / The firewallchain type
- firewall chain type, parameters
- ensure / The firewallchain type
- ignore / The firewallchain type
- name / The firewallchain type
- policy / The firewallchain type
- provider / The firewallchain type
- purge / The firewallchain type
- firewall module
- about / Introducing the firewall module
- firewall rules
- adding, to modules / Adding firewall rules to other modules
- firewall type
- about / The firewall type
- reference link / The firewall type
- firewall type, parameters
- action / The firewall type
- chain / The firewall type
- destination / The firewall type
- dport / The firewall type
- dst_range / The firewall type
- ensure / The firewall type
- jump / The firewall type
- name / The firewall type
- port / The firewall type
- proto / The firewall type
- reject / The firewall type
- source / The firewall type
- sport / The firewall type
- src_range / The firewall type
- state / The firewall type
- tcp_flags / The firewall type
- future parser
- reference link / Other Puppet resources
G
- git
- reference link / Tracking history with version control
- used, for tracking Puppet configuration / Using git to track Puppet configuration
- URL / Using git to track Puppet configuration
H
- heartbleed
- reference link / Reporting for compliance
- heartbleed-vulnerable systems
- herculesteam modules
- Hiera
- about / Hiera
- reference link / The hiera-eyaml gem
- hiera-eyaml
- reference link / The hiera-eyaml gem
- hiera-eyaml gem
- about / The hiera-eyaml gem
- hostmanager plugin
- reference link / Adding our second Vagrant host
- working with / Working with hostmanager
- hosts
- configuring, for reporting log data / Configuring hosts to report log data
I
- imperative systems
- versus declarative systems / Declarative versus imperative approaches
- properties / Declarative versus imperative approaches
- iptables
- about / Introducing the firewall module
- reference link / Introducing the firewall module
K
- Kibana
- about / Reporting on log data
- installing / Installing Kibana
- Kibana (ELK stack)
- about / Welcome to logging happiness
L
- librarian-puppet
- logging
- about / Welcome to logging happiness
- Logstash
- about / Welcome to logging happiness
- and Puppet / Logstash and Puppet
- installing / Installing Logstash
M
- Mandatory Access Controls (MACs)
- about / The SELinux framework
- manifest
- creating / Creating the manifest, First run of the manifest
- manifests
- about / The Puppet client-server model
- used, for documenting system state / Using manifests to document the system state
- history, tracking with version control / Tracking history with version control
- module
- modifying, for audit / Modifying the module to audit
- modules
- reference link / Using noop
- tracking, separately / Tracking modules separately
- firewall rules, adding to / Adding firewall rules to other modules
N
- Nagios
- about / Welcome to logging happiness
- National Security Agency (NSA)
- about / The SELinux framework
- naïve autosign / Naïve autosign
- Network Time Protocol (NTP) / Adding firewall rules to other modules
- drawbacks / Is allowing all to NTP dangerous?
- noop
- about / Change tracking with Puppet
- using / Using noop
- noop meta-parameter / The noop meta-parameter
O
- objects
- about / The SELinux framework
- open-source configuration management software
- URL, for comparison / What is Puppet?
- open source Puppet
- about / What is Puppet?
- openssh configuration file / The openssh configuration file
- options, fileserver.conf file
- [mountpoint] / The fileserver.conf file
- path / The fileserver.conf file
- allow / The fileserver.conf file
- deny / The fileserver.conf file
P
- package
- auditing / Auditing a package
- packages, ELK stack
- URL, for downloading / Installing the ELK stack
- parameters, selboolean type
- name / The selboolean type
- persistent / The selboolean type
- provider / The selboolean type
- value / The selboolean type
- parameters, selmodule type
- name / The selmodule type
- ensure / The selmodule type
- provider / The selmodule type
- selmoduledir / The selmodule type
- selmodulepath / The selmodule type
- syncversion / The selmodule type
- params class
- about / Vendor-supplied defaults and the PCI
- reference link / Vendor-supplied defaults and the PCI
- password file
- auditing / Auditing the password file
- modifying / Changing the password file and rerunning Puppet
- PCI DSS
- about / The PCI DSS and how Puppet can help
- URL / The PCI DSS and how Puppet can help
- network-based PCI requirements / Network-based PCI requirements
- vendor-supplied defaults / Vendor-supplied defaults and the PCI
- system protection, against malware / Protecting the system against malware
- secure systems, maintaining / Maintaining secure systems
- authentication, to systems / Authenticating access to systems
- policy
- reference link / Configuring SELinux with community modules
- policy-based autosign / Policy-based autosign
- post rules
- creating / Creating pre and post rules
- pre rules
- creating / Creating pre and post rules
- presentation, Puppet 4
- reference link / Other Puppet resources
- providers / Introducing the firewall module
- providers, augeasproviders modules
- kernel_parameter / The herculesteam/augeasproviders series of modules
- pam / The herculesteam/augeasproviders series of modules
- puppet_auth / The herculesteam/augeasproviders series of modules
- shellvar / The herculesteam/augeasproviders series of modules
- sshd_config / The herculesteam/augeasproviders series of modules
- sshd_config_subsystem / The herculesteam/augeasproviders series of modules
- sysctl / The herculesteam/augeasproviders series of modules
- syslog / The herculesteam/augeasproviders series of modules
- Puppet
- about / What is Puppet?
- declarative, versus imperative approaches / Declarative versus imperative approaches
- client-server model / The Puppet client-server model
- components / Other Puppet components
- installing / Installing and configuring Puppet
- configuring / Installing and configuring Puppet, Configuring Puppet
- URL, for installation instructions / Installing and configuring Puppet
- URL, for configuration settings / Configuring Puppet
- security feature / Puppet for security and compliance
- compliance feature / Puppet for security and compliance
- used, for tracking changes / Change tracking with Puppet
- rerunning / Changing the password file and rerunning Puppet
- and SSL / SSL and Puppet
- and Logstash / Logstash and Puppet
- and SELinux / SELinux and Puppet
- reporting resources / Additional reporting resources
- resources / Other Puppet resources
- Puppet, on Junos
- reference link / Puppet device management
- Puppet, used for securing openssh
- about / Example – using Puppet to secure openssh
- Vagrant virtual machine, starting / Starting the Vagrant virtual machine
- virtual machine connection / Connecting to our virtual machine
- module, creating / Creating the module
- module, building / Building the module
- openssh configuration file, building / The openssh configuration file
- site.pp file / The site.pp file
- code, running / Running our new code
- puppet-cis module
- reference link / The arildjensen/cis module
- Puppet agent
- installing / Installing the Puppet agent
- Puppet Approved modules
- about / The Puppet Forge
- Puppet authentication
- about / Example – Puppet authentication
- second Vagrant host, adding / Adding our second Vagrant host
- Puppet community
- about / The Puppet community
- references / The Puppet community
- PuppetDB
- about / PuppetDB
- reporting / PuppetDB and reporting
- Puppet device management
- about / Puppet device management
- references / Puppet device management
- Puppet Enterprise
- URL / Other Puppet resources
- Puppet Forge
- about / The Puppet Forge
- URL / The Puppet Forge
- puppetlabs-firewall module / Introducing the firewall module
- puppetlabs-stdlib module
- puppetlabs/firewall website
- reference link / Creating pre and post rules
- Puppet Labs ticket
- reference link / Things to know about audit
- Puppet Labs Yum repository
- Puppet Master
- installing / Installing the Puppet Master
- Puppet Masters
- about / The Puppet client-server model
- Puppet modules
- writing / Writing and testing Puppet modules
- testing / Writing and testing Puppet modules
- references / Writing and testing Puppet modules
- Puppet report directory / The store processors
- Puppet reporting
- about / Basic Puppet reporting
- references / Basic Puppet reporting
- store processors / The store processors
- last node run time, displaying / Example – showing the last node runtime
- Puppet roles pattern
- about / The Puppet role's pattern
- Puppet scope
- reference link / The noop meta-parameter
- Puppet security-related configuration
- about / Puppet security related configuration
- auth.conf file / The auth.conf file
- fileserver.conf file / The fileserver.conf file
- Puppet Server
- URL / Other Puppet resources
- Puppet services
- about / Puppet services
- Puppet Supported modules
- about / The Puppet Forge
- Puppet versions
- reference link / The store processors
R
- r10k
- reporting, for compliance
- about / Reporting for compliance
- heartbleed-vulnerable systems, finding / Example – finding heartbleed-vulnerable systems
- reporting, on log data
- about / Reporting on log data
- reporting, PuppetDB
- about / PuppetDB and reporting
- recent reports, obtaining / Example – getting recent reports
- event counts, obtaining / Example – getting event counts
- simple PuppetDB dashboard example / Example – a simple PuppetDB dashboard
- report processors
- HTTP / Basic Puppet reporting
- Store / Basic Puppet reporting
- Tagmail / Basic Puppet reporting
- PuppetDB / Basic Puppet reporting
- about / Basic Puppet reporting
- resource chaining / Building the module
- resource command
- reference link / Audit on other resource types
- resource ordering
- reference link / Building the module
- resources
- purging / Purging resources
- resources type
- parameters / Purging resources
- resource types
- auditing / Audit on other resource types
- references / Audit on other resource types
- REST
- about / PuppetDB and reporting
- rspec
- URL / Vendor-supplied defaults and the PCI
- reference link / Writing and testing Puppet modules
- rspec-puppet
- reference link / Writing and testing Puppet modules
- rsynclocal module, parameters
S
- Salt
- about / What is Puppet?
- saz/sudo module
- about / The saz/sudo module
- reference link / The saz/sudo module
- scaling, Puppet
- reference link / Puppet services
- security, Puppet / Puppet for security and compliance
- selboolean type
- about / SELinux and Puppet, The selboolean type
- parameters / The selboolean type
- SELinux
- about / Introducing SELinux and auditd
- references / The SELinux framework
- and Puppet / SELinux and Puppet
- file type parameters / File parameters for SELinux
- configuring, with community modules / Configuring SELinux with community modules
- SELinux Booleans
- references / The selboolean type
- SELinux framework
- about / The SELinux framework
- SELinux policy modules
- reference link / Configuring SELinux with community modules
- selmodule type
- about / SELinux and Puppet, The selmodule type
- parameters / The selmodule type
- services, Puppet
- about / Puppet services
- site.pp file / The site.pp file
- software repositories
- spec tests, Puppet
- reference link / Vendor-supplied defaults and the PCI
- SSH
- managing, with augeasproviders / Managing SSH with augeasproviders
- SSL
- about / SSL and Puppet
- reference link / SSL and Puppet
- and Puppet / SSL and Puppet
- SSL extensions
- reference link / Policy-based autosign
- store processors
- about / The store processors
- subject
- about / The SELinux framework
- system state
- documenting, with manifests / Using manifests to document the system state
T
- types
- about / The SELinux framework
V
- Vagrant
- URL, for downloading / Installing Vagrant and VirtualBox
- installing / Installing Vagrant and VirtualBox
- Vagrant Cloud
- Vagrantfile
- creating / Creating our first Vagrantfile
- Version 4 report format, Puppet
- reference link / Example – showing the last node runtime
- version control
- used, for tracking manifests history / Tracking history with version control
- Puppet configuration, tracking with git / Using git to track Puppet configuration
- modules, tracking / Tracking modules separately
- VirtualBox
- URL, for downloading / Installing Vagrant and VirtualBox
- installing / Installing Vagrant and VirtualBox
Y
- YAML
- about / How it works
- YAML formatting
- reference link / The hiera-eyaml gem